NetBSD 8.0 released

Some general changes in the latest NetBSD release:
* USB stack rework, USB3 support added.
* PaX MPROTECT (W^X) memory protection enforced by default on some architectures with fine-grained memory protection and suitable ELF formats: i386, amd64, evbarm, landisk.
* PaX ASLR (Address Space Layout Randomization) enabled by default on: i386, amd64, evbarm, landisk, sparc64.

Some Intel/AMD-centric changes:
* Meltdown mitigation: SVS (Separate Virtual Space), enabled by default.
* SpectreV2 mitigation: retpoline (support in gcc), used by default for kernels. Other hardware mitigations are also available.
* SpectreV4 mitigations available for Intel and AMD.
* PopSS workaround: user access to debug registers is turned off by default.
* Lazy FPU saving disabled on vulnerable Intel CPUs (“eagerfpu”).
* Improvement and hardening of the memory layout: W^X, fewer writable pages, better consistency, better performance.
* (U)EFI bootloader.
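The PaX MPROTECT and W^X items above mean userland can no longer obtain a page that is writable and executable at the same time: both a direct RWX mmap(2) and an mprotect(2) that adds PROT_EXEC to a writable page are refused. The probe below is an added example, not NetBSD code; it checks both paths on whatever kernel it runs on (on Linux without extra hardening it reports "not enforced"). The errno values it treats as a policy refusal (EACCES, EPERM, ENOTSUP) are an assumption for systems other than NetBSD.

```c
#define _DEFAULT_SOURCE 1
#define _GNU_SOURCE 1
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANON
#define MAP_ANON MAP_ANONYMOUS
#endif

enum wx_result { WX_NOT_ENFORCED = 0, WX_ENFORCED = 1, WX_ERROR = -1 };

/* 1 if errno means "policy refused the request" rather than a resource or
   usage error. PaX MPROTECT reports EACCES; other hardening layers
   (SELinux execmem, seccomp) use EACCES or EPERM. ENOTSUP is an assumption. */
static int policy_refusal(int err) {
    return err == EACCES || err == EPERM || err == ENOTSUP;
}

/* Try both ways of ending up with a writable+executable page:
   (1) map it RWX directly, (2) map it RW and add PROT_EXEC afterwards.
   A kernel that enforces W^X refuses both. Refusing only one still leaves a
   route to RWX memory, so that counts as not enforced. */
int probe_wx(void) {
    size_t sz = (size_t)sysconf(_SC_PAGESIZE);
    int refused = 0;

    void *p = mmap(NULL, sz, PROT_READ | PROT_WRITE | PROT_EXEC,
                   MAP_PRIVATE | MAP_ANON, -1, 0);
    if (p == MAP_FAILED) {
        if (!policy_refusal(errno)) return WX_ERROR;
        refused++;
    } else {
        munmap(p, sz);
    }

    void *q = mmap(NULL, sz, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0);
    if (q == MAP_FAILED) return WX_ERROR;
    if (mprotect(q, sz, PROT_READ | PROT_WRITE | PROT_EXEC) != 0) {
        int err = errno;
        munmap(q, sz);
        if (!policy_refusal(err)) return WX_ERROR;
        refused++;
    } else {
        munmap(q, sz);
    }
    return refused == 2 ? WX_ENFORCED : WX_NOT_ENFORCED;
}

int main(void) {
    switch (probe_wx()) {
    case WX_ENFORCED:     puts("W^X enforced: RWX mappings refused"); return 0;
    case WX_NOT_ENFORCED: puts("W^X NOT enforced: obtained a writable+executable page"); return 1;
    default:              printf("probe failed: %s\n", strerror(errno)); return 2;
    }
}
```

On NetBSD 8.0 the policy is controlled by the security.pax.mprotect.enabled sysctl; a program that legitimately needs RWX memory (a JIT) should be exempted per binary with paxctl(8) rather than by lowering the system-wide setting.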

https://www.netbsd.org/releases/formal-8/NetBSD-8.0.html

http://netbsd.gw.com/cgi-bin/man-cgi?mcp3kadc+4.i386+NetBSD-8.0

http://blog.netbsd.org/tnf/entry/netbsd_8_0_released

https://wiki.netbsd.org/Installation_on_UEFI_systems/

Red Hat: SPECTRE Variant 1 scanning tool

As part of Red Hat’s commitment to product security we have developed a tool internally that can be used to scan for variant 1 SPECTRE vulnerabilities. As part of our commitment to the wider user community, we are introducing this tool via this article. […] The tool currently only supports the x86_64 and AArch64 architectures. We do hope to add additional architectures in the future.[…]

https://access.redhat.com/blogs/766093/posts/3510331

https://people.redhat.com/~nickc/Spectre_Scanner/scanner.tar.xz

Bloomberg article on Google Fuchsia

This story gives some background on Google’s Fuchsia platform.

https://www.bloomberg.com/news/articles/2018-07-19/google-team-is-said-to-plot-android-successor-draw-skepticism

Project ‘Fuchsia’: Google is Quietly Working on a Successor to Android, by Mark Bergen and Mark Gurman, July 19, 2018, 3:00 AM PDT (updated July 19, 2018, 8:31 AM PDT)


NyanMBR: Nyancat in the MBR

Re: https://firmwaresecurity.com/2017/12/01/nyan-load-and-efi-example/

There’s also a nyan for BIOS, not only the above UEFI one!

NYAN ALL THE MBRs!

A 16-bit Nyan cat demo small enough to fit in the master boot record of a disk.

BEFORE YOU CONTINUE: USE AT YOUR OWN RISK, PLAYING WITH MBRs IS LIKE PLAYING WITH FIRE. DO NOT BE ON FIRE!

https://github.com/brainsmoke/nyanmbr

Who Watches the Watchmen: slides online

Re: https://firmwaresecurity.com/2018/07/14/who-watches-the-watchmen-a-security-focused-review-on-current-state-of-the-art-techniques-tools-and-methods-for-systems-and-binary-analysis-on-modern-platforms/

the slides are now available:

PDF: paper_who_watches_the_watcher_detecting_hypervisor_introspection_from_unprivileged_guests.pdf

ministub: Simplified EFI stub for Linux, based on systemd’s EFI stub

A simplified EFI stub that allows you to bundle a Linux kernel image, initial RAM disk, and command line into a single EFI binary, so that you can sign the image and use it in a user key Secure Boot setup. This is just a simplified version of systemd’s stub.

Rationale: systemd’s usual EFI stub includes the command line, kernel image and RAM disk as separate sections in the PE. I was having random boot failures with that, and so I wondered if the extra sections were causing issues with my laptop’s pretty poor UEFI implementation.

https://github.com/angelsl/ministub


LLVM: Introduce a new pass to do Speculative Load Hardening (SLH) to mitigate Spectre variant 1

A new speculative load hardening pass was added for X86, aiming to mitigate Spectre variant 1 (bounds check bypass).

http://llvmweekly.org/issue/237

https://reviews.llvm.org/rL336990
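Both the Red Hat scanner above and LLVM's SLH pass target the same code shape: a bounds check followed by a load whose address depends on the possibly out-of-range value. The block below is an added example (not from Red Hat, LLVM, or this page) showing that gadget next to a source-level hardening in the style of Linux's array_index_nospec(), which clamps the index with a branch-free mask so the dependent load stays in bounds even on a mispredicted path. The arrays and their contents are constructed for the example.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>

#define STRIDE 64                       /* one cache line per possible byte value */
static const uint8_t array1[16] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16};
static uint8_t array2[256 * STRIDE];
size_t array1_size = 16;                /* kept in memory so the compare must load it */

/* Fill array2 so that array2[v * STRIDE] == v; lets callers check the
   architectural result of both victims. */
void setup_array2(void) {
    for (unsigned v = 0; v < 256; v++) array2[v * STRIDE] = (uint8_t)v;
}

/* VULNERABLE: the textbook variant 1 gadget. The check is correct
   architecturally, but while the branch is unresolved the CPU may run the
   two dependent loads with an out-of-range x, so whatever lies past array1
   selects a line of array2 to pull into the cache. Nothing is wrong with the
   value returned; the leak is in the cache side effect. */
uint8_t victim_vulnerable(size_t x) {
    if (x < array1_size)
        return array2[array1[x] * STRIDE];
    return 0;
}

/* Branch-free clamp in the style of Linux's array_index_nospec(): all ones
   when index < size, zero otherwise. Plain ALU ops only, so it also holds on
   the speculative path. Requires index, size < LONG_MAX; the right shift of
   a negative long is arithmetic on every mainstream compiler. */
static inline size_t nospec_mask(size_t index, size_t size) {
    long m = (long)(index | (size - index - 1));
    return (size_t)(~m >> (sizeof(long) * CHAR_BIT - 1));
}

/* HARDENED: same check, but x is forced to 0 whenever this body executes
   with an out-of-range x, so the dependent load cannot reach past array1.
   SLH does the equivalent at the instruction level for every load that sits
   under a mispredictable branch. */
uint8_t victim_hardened(size_t x) {
    if (x < array1_size) {
        x &= nospec_mask(x, array1_size);
        return array2[array1[x] * STRIDE];
    }
    return 0;
}
```

Compiling the vulnerable function with clang -O2 -mspeculative-load-hardening (the driver flag for the pass announced above) and diffing the assembly against a plain -O2 build shows the mask and poison sequence SLH inserts around each load.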


r2angrdbg: use angr inside the radare2 debugger

Use angr inside the radare2 debugger.

Create an angr state from the current debugger state.

https://github.com/andreafioraldi/r2angrdbg

FOSSbytes: Comparing OEM Windows with Retail Windows

What is OEM Windows? How It’s Different From Retail Version Of Windows?

[…]The OEM Windows has its product key tied to a particular device. While the retail product key also works on one machine, it can be transferred to another one. Earlier, in the case of laptops, the OEM product key was written on the bottom part of the device. Nowadays, it’s embedded directly into firmware (BIOS or UEFI) of a device and used by Windows when required.[…]

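The "embedded directly into firmware" part refers to the ACPI MSDM table, which the firmware publishes and Windows reads at activation time (a detail not stated in the article). The parser below is an added example, not from FOSSbytes or Microsoft: it validates the table the way any ACPI consumer should (signature, length, zero byte-sum checksum) before trusting the key field, and rejects truncated or corrupted input. The layout it assumes is the 36-byte ACPI header followed by Version, Reserved, DataType, DataReserved, DataLength and the key bytes; the sample table and its placeholder key are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ACPI_HDR_LEN   36   /* Signature, Length, Revision, Checksum, OEMID, OEM Table ID, ... */
#define MSDM_BODY_LEN  20   /* Version, Reserved, DataType, DataReserved, DataLength */
#define MSDM_KEY_LEN   29   /* XXXXX-XXXXX-XXXXX-XXXXX-XXXXX */

enum msdm_err { MSDM_OK = 0, MSDM_TRUNCATED = -1, MSDM_BAD_SIG = -2,
                MSDM_BAD_CHECKSUM = -3, MSDM_BAD_LAYOUT = -4 };

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* ACPI tables checksum to zero: the byte sum over Length bytes, checksum
   field included, must be 0 mod 256. */
static uint8_t acpi_sum(const uint8_t *t, size_t len) {
    uint8_t s = 0;
    for (size_t i = 0; i < len; i++) s = (uint8_t)(s + t[i]);
    return s;
}

/* Validate a raw MSDM table of `avail` bytes and copy the key out as a C string. */
int parse_msdm(const uint8_t *t, size_t avail, char *key, size_t key_sz) {
    if (avail < ACPI_HDR_LEN) return MSDM_TRUNCATED;
    if (memcmp(t, "MSDM", 4) != 0) return MSDM_BAD_SIG;
    uint32_t len = rd32(t + 4);                     /* header: Length at offset 4 */
    if (len < ACPI_HDR_LEN + MSDM_BODY_LEN || len > avail) return MSDM_TRUNCATED;
    if (acpi_sum(t, len) != 0) return MSDM_BAD_CHECKSUM;
    const uint8_t *b = t + ACPI_HDR_LEN;
    uint32_t data_len = rd32(b + 16);               /* DataLength */
    if (data_len == 0 || data_len >= key_sz) return MSDM_BAD_LAYOUT;
    if ((uint64_t)ACPI_HDR_LEN + MSDM_BODY_LEN + data_len > len) return MSDM_TRUNCATED;
    memcpy(key, b + MSDM_BODY_LEN, data_len);
    key[data_len] = '\0';
    return MSDM_OK;
}

#define SAMPLE_LEN (ACPI_HDR_LEN + MSDM_BODY_LEN + MSDM_KEY_LEN)

/* Constructed sample table (not captured from any machine); the key is a placeholder. */
size_t build_sample_msdm(uint8_t *t) {
    memset(t, 0, SAMPLE_LEN);
    memcpy(t, "MSDM", 4);
    wr32(t + 4, SAMPLE_LEN);
    t[8] = 3;                          /* Revision */
    memcpy(t + 10, "EXAMPL", 6);       /* OEMID */
    memcpy(t + 16, "EXAMPLE ", 8);     /* OEM Table ID */
    uint8_t *b = t + ACPI_HDR_LEN;
    wr32(b + 0, 1);                    /* Version */
    wr32(b + 8, 1);                    /* DataType: product key */
    wr32(b + 16, MSDM_KEY_LEN);        /* DataLength */
    memcpy(b + MSDM_BODY_LEN, "ABCDE-FGHIJ-KLMNO-PQRST-UVWXY", MSDM_KEY_LEN);
    t[9] = (uint8_t)(0u - acpi_sum(t, SAMPLE_LEN));   /* Checksum field, fixed up last */
    return SAMPLE_LEN;
}

int main(void) {
    uint8_t buf[4096];
    size_t n = 0;
    /* Linux exports the firmware tables under /sys/firmware/acpi/tables (root only);
       fall back to the constructed sample when the file is not readable. */
    FILE *f = fopen("/sys/firmware/acpi/tables/MSDM", "rb");
    if (f) { n = fread(buf, 1, sizeof buf, f); fclose(f); }
    if (n == 0) n = build_sample_msdm(buf);
    char key[64];
    int rc = parse_msdm(buf, n, key, sizeof key);
    if (rc == MSDM_OK) printf("OEM product key from MSDM: %s\n", key);
    else printf("no usable MSDM table (code %d)\n", rc);
    return rc == MSDM_OK ? 0 : 1;
}
```

The practical point for the OEM/retail distinction: the key is firmware data readable by anyone with root on the box, so an OEM key is "tied to the device" only in the sense that it lives in that device's ACPI tables.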

Huawei: Security Advisory – Side-Channel Vulnerability Variants 3a and 4

SA No:huawei-sa-20180615-01-cpu
Initial Release Date: Jun 15, 2018
Last Release Date: Jul 17, 2018

Intel publicly disclosed new variants of the side-channel central processing unit (CPU) hardware vulnerabilities known as Spectre and Meltdown. These variants are known as 3A (CVE-2018-3640) and 4 (CVE-2018-3639); local attackers may exploit these vulnerabilities to cause information leaks on the affected system. (Vulnerability ID: HWPSIRT-2018-05139 and HWPSIRT-2018-05140).[…]

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180615-01-cpu-en
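Variant 4 (CVE-2018-3639, Speculative Store Bypass) appears twice on this page: in the Huawei advisory above and as "SpectreV4 mitigations" in the NetBSD 8.0 list. The mitigation on both Intel and AMD is SSBD, which the OS can apply globally or per task. The block below is an added example, not from Huawei, NetBSD or the page: it uses Linux's per-process interface, prctl(PR_SPEC_STORE_BYPASS), to read a task's status and to opt the task into the mitigation. The constants are those of linux/prctl.h; the decode table and the process-level policy ("harden myself if the kernel lets me") are the example's own.

```c
#define _GNU_SOURCE 1
#include <errno.h>
#include <stdio.h>
#include <string.h>
#ifdef __linux__
#include <sys/prctl.h>
#endif

/* Values from linux/prctl.h, repeated so the file builds on pre-4.17 headers. */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#endif
#ifndef PR_SPEC_STORE_BYPASS
#define PR_SPEC_STORE_BYPASS   0
#define PR_SPEC_NOT_AFFECTED   0
#define PR_SPEC_PRCTL          (1UL << 0)
#define PR_SPEC_ENABLE         (1UL << 1)
#define PR_SPEC_DISABLE        (1UL << 2)
#define PR_SPEC_FORCE_DISABLE  (1UL << 3)
#endif

enum ssb_state { SSB_NOT_AFFECTED, SSB_VULNERABLE, SSB_MITIGATED, SSB_FORCE_MITIGATED, SSB_UNKNOWN };

/* Decode the status word returned by PR_GET_SPECULATION_CTRL. "ENABLE" means
   speculative store bypass is enabled, i.e. the task is exposed. */
enum ssb_state ssb_classify(long status) {
    if (status == PR_SPEC_NOT_AFFECTED) return SSB_NOT_AFFECTED;
    if (status & PR_SPEC_FORCE_DISABLE)  return SSB_FORCE_MITIGATED;
    if (status & PR_SPEC_DISABLE)        return SSB_MITIGATED;
    if (status & PR_SPEC_ENABLE)         return SSB_VULNERABLE;
    return SSB_UNKNOWN;
}

/* 1 if the kernel lets this task change its own SSB setting via prctl. */
int ssb_prctl_controllable(long status) { return (status & PR_SPEC_PRCTL) != 0; }

const char *ssb_state_name(enum ssb_state s) {
    switch (s) {
    case SSB_NOT_AFFECTED:   return "not affected";
    case SSB_VULNERABLE:     return "vulnerable (store bypass enabled)";
    case SSB_MITIGATED:      return "mitigated (SSBD set)";
    case SSB_FORCE_MITIGATED:return "mitigated (forced, cannot be re-enabled)";
    default:                 return "unknown status word";
    }
}

/* Status word (>= 0) or -errno: -EINVAL on kernels without the interface,
   -ENODEV when the kernel has no SSB control for this CPU, -ENOSYS off Linux. */
long ssb_query(void) {
#ifdef __linux__
    long r = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
    return r < 0 ? -errno : r;
#else
    return -ENOSYS;
#endif
}

/* Set SSBD for this task; the setting is inherited by children. 0 on
   success, -errno otherwise (-ENXIO: no per-task control on this kernel). */
int ssb_disable_for_self(void) {
#ifdef __linux__
    if (prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0) != 0)
        return -errno;
    return 0;
#else
    return -ENOSYS;
#endif
}

int main(void) {
    long st = ssb_query();
    if (st < 0) { printf("SSB status unavailable: %s\n", strerror((int)-st)); return 1; }
    printf("SSB: %s; per-task control: %s\n", ssb_state_name(ssb_classify(st)),
           ssb_prctl_controllable(st) ? "yes" : "no");
    if (ssb_classify(st) == SSB_VULNERABLE && ssb_prctl_controllable(st)) {
        int rc = ssb_disable_for_self();
        printf("disable for self: %s\n", rc == 0 ? "ok" : strerror(-rc));
        st = ssb_query();
        printf("SSB now: %s\n", ssb_state_name(ssb_classify(st)));
    }
    return 0;
}
```

A sandbox or browser process that runs untrusted code is the kind of task that should call ssb_disable_for_self() early; whether the kernel grants per-task control depends on its spec_store_bypass_disable= boot setting, which is why the status word is checked first.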